1. Field of the Invention
The present invention relates to secure data processing, and more specifically to methods and apparatus for securely employing resources external to a secure biometric data acquisition system to assist with the storage and processing of acquired user biometric data.
2. Description of the Prior Art
The use of biometric data for identification and/or authentication of an individual has been and continues to be a popular security tool. For example, since fingerprints are unique to each individual, methods and devices have been developed to acquire and compare characteristics of the surface or structure of the skin at or proximate a user's fingertip and, from that data, generate user biometric data representing the user's fingerprint pattern. The fingerprint pattern (commonly referred to as a fingerprint) is compared to other patterns in a library of enrolled patterns for the purposes of authenticating an individual, verifying identity, granting access to a computer, room or building, etc. In certain devices and systems, fingerprint pattern data is obtained by passing a fingertip over a sensor, which captures multiple partial “images” of the fingertip, which are assembled or normalized into a single composite image for further analysis. In other systems, other biometric image data may be acquired and used for security purposes.
A feature template is typically formed from the acquired biometric image data. The features for the template may be image data from an entire fingerprint image, selected minutiae extracted from the image data, or some other feature of interest. The feature template is compared to one or more stored enrolled biometric templates which represent previously enrolled (or registered) fingerprint data. A secure biometric access system permits or denies access to files, facilities, etc. based on the sufficiency of a match between the feature template and any one of one or more enrolled biometric templates.
Operating on a template, as opposed to a full fingerprint image, greatly reduces system memory and processing demands, and greatly speeds up the comparison process. However, creation of the template generally places additional time, processing, and memory demands on computational resources. Additional details surrounding the computational requirements for the generation of templates are discussed further below.
In many systems, measures are taken to protect the acquired biometric image data, the enrolled data, and the comparison and analysis process (often stored and executed on special hardware) from fraud, tampering, and improper use. Often this protection involves isolating the secure biometric data acquisition, storage, and analysis elements from the host system's processor and memory, which are often not secure and are vulnerable to compromise by computer viruses, hacking, etc. Therefore, systems which resist compromise by computer viruses and other security attacks, and in which the comparison and analysis process takes place on specialized hardware resources, are often referred to as secure biometric data processing systems. As data provided directly by secure biometric data processing systems is protected against tampering, fraud, viruses, etc., such data is referred to herein as trusted data. Data provided by data processing systems other than the secure variety may have been tampered with, contain viruses, or otherwise be compromised in such a manner that a biometric match result based on it cannot be trusted. Accordingly, data provided by sources other than secure biometric data processing systems is referred to herein as untrusted data.
Typically, biometric data analysis proceeds more slowly than data acquisition. Therefore, significant memory resources are required to buffer the data received from the biometric sensor in real time prior to further processing. For example, as a fingertip is scanned and data representing the fingerprint is generated, it must be stored securely in real time for later analysis and identification. (While part of the incoming data may be used in the biometric analysis process, additional data will be incoming and must be stored until needed in the ongoing analysis process.) Alternatively, all data may be obtained prior to beginning any biometric data analysis. Either way, data storage resources are required to buffer data in a manner that maintains its trustworthiness until needed in the analysis process. The volume of raw biometric data can be quite large, and therefore significant storage resources may be required. As an example, the NIST storage requirement for an 8-bit, 1-inch square fingerprint image at an image resolution of 500 dots per inch (dpi) is 250 Kbytes (500 × 500 pixels at one byte per pixel).
Typical elements required for biometric identification include a sensor device for example for acquiring an image of a fingerprint, a processor for performing data analysis, and various memory elements for storing raw image data, processed image data, features and enrolled biometric templates, etc. In theory, the processor for performing the biometric data analysis can be a generic processor shared by other system resources or form part of a dedicated, specialized custom integrated circuit. That is, the processor and memory performing the data analysis may be part of a general purpose computer system within which a biometric sensor operates, or may be an integral component of the biometric sensor system itself. The use of general purpose processors, such as a personal computer's CPU, and generic memory, such as a personal computer's RAM and hard disk drives, is inexpensive but does not typically isolate the biometric image process from the host system, and thus renders any data untrustworthy and vulnerable to compromise from threats such as computer hacking. Custom security hardware offers better protection from hacking, but is more expensive than generic computer system resources because of the need for dedicated hardware resources.
In practice, security concerns prevail, and fingerprint data is typically maintained in a trusted manner by buffering and processing on dedicated, custom digital hardware connected to the sensor device. Such memory and processing hardware are isolated from the host system both physically and by electronic security measures such as encrypted communication, etc.
For example, one class of biometric identification devices includes a sensor chip positioned on one surface of a carrier, with a data processor and memory disposed elsewhere on the carrier. These components are operable within a host system such as a personal computer, cell phone, door lock, etc. They are further coupled to one another such that, as a user slides a fingertip across the surface of the sensor chip, multiple partial images of the user's fingerprint are captured and delivered to the memory. The processor may then access the images in the memory, process them by one or more of a number of techniques, and compare them to one or more previously enrolled biometric templates in order to determine whether the user's live fingerprint matches an enrolled fingerprint. Only the result of the comparison is then provided to the host system, requesting server, or other element of the overall system employing fingerprint identification. No other system access to the biometric identification device processor or memory is permitted. However, such a dedicated hardware solution has heretofore been expensive and memory-constrained compared to generic computing resources.
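The following is an added illustration, not code from the patent or from any product it describes, of the trust boundary just described and of the template matching and buffer sizing discussed above: partial frames are buffered and assembled inside the device object, a feature template is extracted and compared against an enrolled template, and the host receives only a match decision. The feature extractor and matcher are deliberate toys (full-intensity pixels stand in for minutiae), and the authentication of the result with an HMAC under a key shared only with the requesting server is an assumption added here to make "electronic security measures" concrete; the sensor geometry and minutiae positions are constructed sample input.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

Minutia = Tuple[int, int]   # (row, col) of a ridge feature; toy representation
Frame = List[List[int]]     # one partial image: rows of 8-bit pixel values


def nist_raw_image_bytes(width_in: float = 1.0, height_in: float = 1.0,
                         dpi: int = 500, bits_per_pixel: int = 8) -> int:
    """Raw buffer for one full image; defaults give the 250,000-byte NIST figure."""
    return int(width_in * dpi) * int(height_in * dpi) * (bits_per_pixel // 8)


def extract_minutiae(image: Frame) -> List[Minutia]:
    """Toy feature extraction: a full-intensity pixel is treated as a minutia.
    A real extractor thins ridges and locates endings/bifurcations instead."""
    return [(r, c) for r, row in enumerate(image) for c, px in enumerate(row) if px == 255]


def match_score(enrolled: List[Minutia], probe: List[Minutia], tol: int = 1) -> float:
    """Fraction of enrolled minutiae with a probe minutia within `tol` pixels."""
    if not enrolled:
        return 0.0
    hits = sum(1 for (r, c) in enrolled
               if any(abs(r - pr) <= tol and abs(c - pc) <= tol for (pr, pc) in probe))
    return hits / len(enrolled)


def _result_bytes(user_id: str, nonce: bytes, matched: bool) -> bytes:
    return f"{user_id}|{nonce.hex()}|{int(matched)}".encode()


class SecureBiometricDevice:
    """Sensor, processor and memory on one carrier. Frames, composite image and
    enrolled templates never leave this object (in hardware: the isolated carrier).
    The host gets only a nonce-bound, keyed decision; it does not hold the key."""

    def __init__(self, result_key: bytes, threshold: float = 0.8) -> None:
        self._key = result_key            # assumed shared with the requesting server only
        self._threshold = threshold
        self._frames: List[Frame] = []    # real-time buffer for partial images
        self._enrolled: Dict[str, List[Minutia]] = {}

    @staticmethod
    def _assemble(frames: List[Frame]) -> Frame:
        """Normalize partial images into one composite (toy: stack rows in swipe order)."""
        return [row for frame in frames for row in frame]

    def enroll(self, user_id: str, frames: List[Frame]) -> None:
        self._enrolled[user_id] = extract_minutiae(self._assemble(frames))

    def push_frame(self, frame: Frame) -> None:
        """The sensor delivers one partial image; it is buffered in device memory."""
        self._frames.append(frame)

    def verify(self, user_id: str, nonce: bytes) -> Dict[str, object]:
        composite = self._assemble(self._frames)
        self._frames.clear()              # raw data is consumed on-device, never exported
        score = match_score(self._enrolled.get(user_id, []), extract_minutiae(composite))
        matched = score >= self._threshold
        tag = hmac.new(self._key, _result_bytes(user_id, nonce, matched), hashlib.sha256).hexdigest()
        return {"user": user_id, "nonce": nonce.hex(), "match": matched, "tag": tag}


def server_accepts(result_key: bytes, result: Dict[str, object], expected_nonce: bytes) -> bool:
    """Requesting server: trust the decision only if the nonce is ours and the tag verifies."""
    if result["nonce"] != expected_nonce.hex():
        return False
    expected = hmac.new(result_key, _result_bytes(str(result["user"]), expected_nonce,
                                                  bool(result["match"])), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(result["tag"]))


def make_frames(minutiae: List[Minutia], rows: int = 16, cols: int = 12,
                slice_rows: int = 4) -> List[Frame]:
    """Constructed sensor input: blank image with the given minutiae, cut into partial frames."""
    image = [[0] * cols for _ in range(rows)]
    for r, c in minutiae:
        image[r][c] = 255
    return [image[i:i + slice_rows] for i in range(0, rows, slice_rows)]


def demo() -> Tuple[bool, bool, bool]:
    """Returns (genuine accepted, host-forged result accepted, replayed result accepted)."""
    key = secrets.token_bytes(32)
    device = SecureBiometricDevice(key)
    enrolled = [(2, 3), (5, 7), (9, 1), (13, 10), (7, 4)]         # constructed sample
    device.enroll("alice", make_frames(enrolled))
    for frame in make_frames([(r, c + 1) for r, c in enrolled]):  # live swipe, shifted 1 px
        device.push_frame(frame)
    nonce1 = secrets.token_bytes(16)
    genuine = device.verify("alice", nonce1)
    for frame in make_frames([(0, 0), (15, 11), (8, 6)]):         # impostor finger
        device.push_frame(frame)
    nonce2 = secrets.token_bytes(16)
    impostor = device.verify("alice", nonce2)
    forged = dict(impostor, match=True)                           # untrusted host flips the bit
    return (server_accepts(key, genuine, nonce1),
            server_accepts(key, forged, nonce2),
            server_accepts(key, genuine, nonce2))                 # old result under a new nonce


if __name__ == "__main__":
    print(nist_raw_image_bytes(), demo())
```

The point of the model is which side holds what: the host can forward, delay or alter the result, but because it never sees the frames, the templates or the key, it can neither read the biometric data nor produce a decision the server will accept.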
The dilemma faced by biometric systems developers has been the forced choice between general systems that are less than sufficiently secure, and secure systems which significantly add to the cost of the overall system. Specifically, it has historically been a challenge to provide a biometric sensor device with sufficient secure memory resources to handle the buffering required for data acquisition and fingerprint analysis without adding significant cost for dedicated hardware, memory, etc. to the cost of the overall system.